diff options
Diffstat (limited to 'Swiften/SASL')
-rw-r--r-- | Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp | 14 | ||||
-rw-r--r-- | Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp | 30 |
2 files changed, 40 insertions, 4 deletions
diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp index 16c938a..ab61ef5 100644 --- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp @@ -13,8 +13,6 @@ namespace Swift { SCRAMSHA1ClientAuthenticator::SCRAMSHA1ClientAuthenticator(const String& nonce) : ClientAuthenticator("SCRAM-SHA-1"), step(Initial), clientnonce(nonce) { - // TODO: Normalize authentication id - // TODO: Normalize getPassword() } ByteArray SCRAMSHA1ClientAuthenticator::getResponse() const { @@ -38,10 +36,19 @@ bool SCRAMSHA1ClientAuthenticator::setChallenge(const ByteArray& challenge) { if (step == Initial) { initialServerMessage = challenge; - // TODO: Check if these values are correct + // TODO: Check if this is correct std::map<char, String> keys = parseMap(String(initialServerMessage.getData(), initialServerMessage.getSize())); ByteArray salt = Base64::decode(keys['s']); String clientServerNonce = keys['r']; + + // Extract the server nonce + if (clientServerNonce.getUTF8Size() <= clientnonce.getUTF8Size()) { + return false; + } + String receivedClientNonce = clientServerNonce.getSubstring(0, clientnonce.getUTF8Size()); + if (receivedClientNonce != clientnonce) { + return false; + } serverNonce = clientServerNonce.getSubstring(clientnonce.getUTF8Size(), clientServerNonce.npos()); int iterations = boost::lexical_cast<int>(keys['i'].getUTF8String()); @@ -61,7 +68,6 @@ bool SCRAMSHA1ClientAuthenticator::setChallenge(const ByteArray& challenge) { } std::map<char, String> SCRAMSHA1ClientAuthenticator::parseMap(const String& s) { - // TODO: Do some proper checking here std::map<char, String> result; if (s.getUTF8Size() > 0) { char key; diff --git a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp index 618a748..01adc18 100644 --- a/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp +++ b/Swiften/SASL/UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp @@ -11,6 +11,9 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture { CPPUNIT_TEST(testGetInitialResponse); CPPUNIT_TEST(testGetInitialResponse_UsernameHasSpecialChars); CPPUNIT_TEST(testGetFinalResponse); + CPPUNIT_TEST(testSetChallenge); + CPPUNIT_TEST(testSetChallenge_InvalidClientNonce); + CPPUNIT_TEST(testSetChallenge_OnlyClientNonce); CPPUNIT_TEST(testSetFinalChallenge); CPPUNIT_TEST(testSetFinalChallenge_InvalidChallenge); CPPUNIT_TEST_SUITE_END(); @@ -56,6 +59,33 @@ class SCRAMSHA1ClientAuthenticatorTest : public CppUnit::TestFixture { CPPUNIT_ASSERT(result); } + void testSetChallenge() { + SCRAMSHA1ClientAuthenticator testling("abcdefgh"); + testling.setCredentials("user", "pass", ""); + + bool result = testling.setChallenge(ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=4096")); + + CPPUNIT_ASSERT(result); + } + + void testSetChallenge_InvalidClientNonce() { + SCRAMSHA1ClientAuthenticator testling("abcdefgh"); + testling.setCredentials("user", "pass", ""); + + bool result = testling.setChallenge(ByteArray("r=abcdefgiABCDEFGH,s=MTIzNDU2NzgK,i=4096")); + + CPPUNIT_ASSERT(!result); + } + + void testSetChallenge_OnlyClientNonce() { + SCRAMSHA1ClientAuthenticator testling("abcdefgh"); + testling.setCredentials("user", "pass", ""); + + bool result = testling.setChallenge(ByteArray("r=abcdefgh,s=MTIzNDU2NzgK,i=4096")); + + CPPUNIT_ASSERT(!result); + } + void testSetFinalChallenge_InvalidChallenge() { SCRAMSHA1ClientAuthenticator testling("abcdefgh"); testling.setCredentials("user", "pass", ""); |